[Secure-testing-commits] r40007 - in data: CVE DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Feb 28 14:39:59 UTC 2016
Author: carnil
Date: 2016-02-28 14:39:59 +0000 (Sun, 28 Feb 2016)
New Revision: 40007
Modified:
data/CVE/list
data/DSA/list
Log:
Add CVE-2016-1526 for the graphite2
Note: Details still missing, but from the mfsa2016-14 it is referenced
and probably the second DoS vulnerability. Mark with same fixed versions
as for CVE-2016-1523. It is as well said ind Mozilla advisory to be
fixed in Graphite2 1.3.5.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-28 14:00:17 UTC (rev 40006)
+++ data/CVE/list 2016-02-28 14:39:59 UTC (rev 40007)
@@ -3254,11 +3254,15 @@
CVE-2016-1527
RESERVED
CVE-2016-1526 (The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in ...)
- - graphite2 <unfixed>
+ - graphite2 1.3.5-1
NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
NOTE: Talos Blog mentions this CVE, but it is not listed in
NOTE: http://talosintel.com/vulnerability-reports/
- TODO: check
+ - iceweasel 44.0-1
+ [squeeze] - iceweasel <end-of-life>
+ - icedove 38.6.0-1
+ [squeeze] - icedove <end-of-life>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1525 (Directory traversal vulnerability in data/config/image.do in NETGEAR ...)
TODO: check
CVE-2016-1524 (Multiple unrestricted file upload vulnerabilities in NETGEAR ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-02-28 14:00:17 UTC (rev 40006)
+++ data/DSA/list 2016-02-28 14:39:59 UTC (rev 40007)
@@ -16,7 +16,7 @@
[wheezy] - gajim 0.15.1-4.1+deb7u1
[jessie] - gajim 0.16-1+deb8u1
[24 Feb 2016] DSA-3491-1 icedove - security update
- {CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935}
+ {CVE-2015-7575 CVE-2016-1523 CVE-2016-1526 CVE-2016-1930 CVE-2016-1935}
[wheezy] - icedove 38.6.0-1~deb7u1
[jessie] - icedove 38.6.0-1~deb8u1
[24 Feb 2016] DSA-3490-1 websvn - security update
@@ -60,14 +60,14 @@
{CVE-2014-8121 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779}
[wheezy] - eglibc 2.13-38+deb7u10
[15 Feb 2016] DSA-3479-1 graphite2 - security update
- {CVE-2016-1521 CVE-2016-1522 CVE-2016-1523}
+ {CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526}
[wheezy] - graphite2 1.3.5-1~deb7u1
[jessie] - graphite2 1.3.5-1~deb8u1
[15 Feb 2016] DSA-3478-1 libgcrypt11 - security update
{CVE-2015-7511}
[wheezy] - libgcrypt11 1.5.0-5+deb7u4
[14 Feb 2016] DSA-3477-1 iceweasel - security update
- {CVE-2016-1523}
+ {CVE-2016-1523 CVE-2016-1526}
[wheezy] - iceweasel 38.6.1esr-1~deb7u1
[jessie] - iceweasel 38.6.1esr-1~deb8u1
[13 Feb 2016] DSA-3476-1 postgresql-9.4 - security update
More information about the Secure-testing-commits
mailing list